/*
 * Copyright (c) Rafael Steil
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, 
 * with or without modification, are permitted provided 
 * that the following conditions are met:
 * 
 * 1) Redistributions of source code must retain the above 
 * copyright notice, this list of conditions and the 
 * following  disclaimer.
 * 2)  Redistributions in binary form must reproduce the 
 * above copyright notice, this list of conditions and 
 * the following disclaimer in the documentation and/or 
 * other materials provided with the distribution.
 * 3) Neither the name of "Rafael Steil" nor 
 * the names of its contributors may be used to endorse 
 * or promote products derived from this software without 
 * specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT 
 * HOLDERS AND CONTRIBUTORS "AS IS" AND ANY 
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, 
 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 
 * THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE 
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, 
 * OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 
 * IN CONTRACT, STRICT LIABILITY, OR TORT 
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN 
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
 * 
 * This file creation date: 21/09/2003 / 16:36:44
 * The JForum Project
 * http://www.jforum.net
 */
package net.jforum.security;

import java.io.File;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;

import net.jforum.JForumExecutionContext;
import net.jforum.exceptions.XMLException;
import net.jforum.util.FormSelectedData;
import net.jforum.util.preferences.SystemGlobals;

import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

/**
 * Manipulates XML permission control file definition
 * 
 * @author Rafael Steil
 * @version $Id$
 */
public class XMLPermissionControl extends DefaultHandler {
	private PermissionSection section;

	private PermissionControl pc;

	private List listSections;
	private List permissionData;

	private Map queries;

	private String permissionName;
	private String permissionId;
	private String permissionType;

	private boolean alreadySelected;

	private static class SelectData {
		private int id;
		private String name;

		public SelectData(int id, String name) {
			this.id = id;
			this.name = name;
		}

		public int getId() {
			return this.id;
		}

		public String getName() {
			return this.name;
		}
	}

	public XMLPermissionControl(PermissionControl pc) {
		this.listSections = new ArrayList();
		this.permissionData = new ArrayList();
		this.queries = new HashMap();
		this.pc = pc;
	}

	/**
	 * @return <code>List</code> object containing <code>Section</code>
	 *         objects. Each <code>Section</code> contains many
	 *         <code>PermissionItem</code> objects, which represent the
	 *         permission elements of some section. For its turn, the
	 *         <code>PermissionItem</code> objects have many
	 *         <code>FormSelectedData</code> objects, which are the ones
	 *         responsible to store field values, and which values are checked
	 *         and which not.
	 */
	public List loadConfigurations(String xmlFile) throws Exception {
		SAXParserFactory factory = SAXParserFactory.newInstance();
		factory.setValidating(false);

		SAXParser parser = factory.newSAXParser();
		File fileInput = new File(xmlFile);

		if (fileInput.exists()) {
			parser.parse(fileInput, this);
		} else {
			InputSource inputSource = new InputSource(xmlFile);
			parser.parse(inputSource, this);
		}

		return this.listSections;
	}

	/**
	 * @see org.xml.sax.ContentHandler#endElement(String, String, String)
	 */
	public void endElement(String namespaceURI, String localName, String tag)
			throws SAXException {
		if (tag.equals("section")) {
			this.listSections.add(this.section);
		} else if (tag.equals("permission")) {
			this.section
					.addPermission(new PermissionItem(this.permissionName,
							this.permissionId, this.permissionType,
							this.permissionData));

			this.permissionData = new ArrayList();
		}
	}

	/**
	 * @see org.xml.sax.ErrorHandler#error(SAXParseException)
	 */
	public void error(SAXParseException exception) throws SAXException {
		throw exception;
	}

	/**
	 * @see org.xml.sax.ContentHandler#startElement(String, String, String,
	 *      Attributes)
	 */
	public void startElement(String namespaceURI, String localName, String tag,
			Attributes atts) throws SAXException {
		if (tag.equals("section")) {
			this.section = new PermissionSection(atts.getValue("title"), atts
					.getValue("id"));
		} else if (tag.equals("permission")) {
			this.permissionName = atts.getValue("title");
			this.permissionId = atts.getValue("id");
			this.permissionType = atts.getValue("type");
			this.alreadySelected = false;
		} else if (tag.equals("sql")) {
			ResultSet rs = null;
			PreparedStatement p = null;

			String refName = atts.getValue("refName");

			// If refName is present, then we have a template query
			if (refName != null) {
				try {
					p = JForumExecutionContext.getConnection()
							.prepareStatement(
									SystemGlobals.getSql(atts
											.getValue("queryName")));
					rs = p.executeQuery();

					String valueField = atts.getValue("valueField");
					String captionField = atts.getValue("captionField");

					List l = new ArrayList();

					while (rs.next()) {
						l.add(new SelectData(rs.getInt(valueField), rs
								.getString(captionField)));
					}

					this.queries.put(refName, l);
				} catch (Exception e) {
					throw new XMLException(e);
				} finally {
					try {
						if (rs != null) {
							rs.close();
							p.close();
						}
					} catch (Exception e) {
						throw new XMLException(e);
					}
				}
			} else {
				// If it gets here, then it should be a <sql ref="xxxx"> section
				RoleValueCollection roleValues = new RoleValueCollection();
				Role role = this.pc.getRole(this.permissionId);

				if (role != null) {
					roleValues = role.getValues();
				}

				List l = (List) this.queries.get(atts.getValue("ref"));

				for (Iterator iter = l.iterator(); iter.hasNext();) {
					SelectData data = (SelectData) iter.next();

					String id = Integer.toString(data.getId());
					RoleValue rv = roleValues.get(id);

					this.permissionData
							.add(new FormSelectedData(
									data.getName(),
									id,
									rv != null
											&& rv.getType() == PermissionControl.ROLE_DENY));
				}
			}
		} else if (tag.equals("option")) {
			boolean selected = false;

			if (this.permissionType.equals("single")) {
				if (this.pc.canAccess(this.permissionId)
						&& atts.getValue("value").equals("allow")
						&& !this.alreadySelected) {
					selected = true;
					this.alreadySelected = true;
				}
			} else {
				// TODO: Implement this
				throw new UnsupportedOperationException(
						"'option' tag with 'multiple' attribute support not yet implemented");
			}

			this.permissionData
					.add(new FormSelectedData(atts.getValue("description"),
							atts.getValue("value"), selected));
		}
	}

}